Julius Randle (New York Knicks) with a dunk vs the Sacramento Kings, 01/22/2021
Julius Randle (New York Knicks) with a dunk vs the Sacramento Kings, 01/22/2021
Federer has needed two operations to correct a long-standing knee issue.
BOSTON — The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — co-ordinated series of intrusions also detected in December has gotten considerably less public attention. Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used. The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the high-powered U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarket and pharmacy chain. Also hit was Washington state's auditor’s office, where the personal data of up to 1.3 million people gathered for an investigation into unemployment fraud was potentially exposed. The two-stage mega-hack in December and January of a popular file-transfer program from the Silicon Valley company Accellion highlights a threat that security experts fear may be getting out of hand: intrusions by top-flight criminal and state-backed hackers into software supply chains and third-party services. The casualties keep piling up, with many being extorted by the Russian-speaking Clop cybercriminal gang, which threat researchers believe may have bought pilfered data from the hackers. Their threat: Pay up or we leak your sensitive data online, be it proprietary documents from Canadian aircraft maker Bombardier or lawyer-client communications from Jones Day. The hack of up to 100 Accellion customers, who were easily identified by the hackers with an online scan, puts in painful relief a digital age core mission at which both governments and the private sector have been falling short. “Attackers are finding it harder and harder to gain access via traditional methods, as vendors like Microsoft and Apple have hardened the security of the operating systems considerably over the last years. So, the attackers find easier ways in. This often means going via the supply chain. And as we’ve seen, it works,” said Mikko Hypponen, chief research officer of the cybersecurity firm F-Secure. Members of Congress are already dismayed by the supply-chain hack of the Texas network management software company SolarWinds that allowed suspected Russian state-backed hackers to tiptoe unnoticed — apparently intent solely on intelligence-gathering — for more than half a year through the networks of at least nine government agencies and more than 100 companies and think tanks. Only in December was the SolarWinds hacking campaign discovered, by the cybersecurity firm FireEye. France suffered a similar hack, blamed by its cybersecurity agency on Russian military operatives, that also gamed the supply chain. They slipped malware into an update of network management software from a firm called Centreon, letting them quietly root around victim networks from 2017 to 2020. Both those hacks snuck malware into software updates. The Accellion hack was different in one key respect: Its file-transfer program resided on victims’ networks either as a stand-alone appliance or cloud-based app. Its job is to securely move around files too large to be attached to email. Mike Hamilton, a former Seattle chief information security officer now with CI Security, said the trend of exploiting third-party service providers shows no signs of slowing because it gives criminals the highest return on their investment if they "want to compromise a broad swath of companies or government agencies.” The Accellion breach's impact might have been dulled had the company alerted customers more quickly, some complain. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application — using antiquated technology and set for retirement — had been breached. Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said. “If we were notified at the appropriate time, we could have patched the system and avoided the breach,” Orr said in a statement posted on the bank’s website. Among information stolen were files containing personal emails, dates of birth and credit information, the bank said. Similarly, the Washington state auditor’s office has no record of being informed of the breach until Jan. 12, the same day Accellion announced it publicly, said spokeswoman Kathleen Cooper. Accellion said then that it released a patch to the fewer than 50 customers affected within 72 hours of learning of the breach. Accellion now tells a different story. It says it alerted all 320 potentially affected customers with multiple emails beginning on Dec. 22 — and followed up with emails and phone calls. Company spokesman Rob Dougherty would not directly address the New Zealand central bank's and Washington state auditor’s complaints. Accellion says fewer than 25 customers appear to have suffered significant data theft. A timeline released March 1 by the cybersecurity firm Mandiant, which Accellion hired to examine the incident, says the company got first word of the breach on Dec. 16. The Washington state auditor says its hack occurred on Christmas. The notification timing issue is serious. Washington state has already been hit by a lawsuit, and several have been filed against Accellion seeking class action. Other organizations could also face legal or other consequences. Last month, Harvard Business School officials emailed affected students to tell them that some Social Security numbers had been compromised as well as other personal information. Another victim, the Singapore-based telecommunications company Singtel, said personal data on about 129,000 customers was compromised. Too often, software companies with hundreds of programmers have just one or two security people, said Katie Moussouris, CEO of Luta Security. “We wish we could say that organizations were uniformly investing in security. But we’re actually seeing them just dealing with the breaches and then vowing to do better in the future. And that’s been sort of the business model.” Dougherty, the Accellion spokesman, said the attacks “had nothing to do with staffing,” but he would not say how many people directly assigned to security the company employed in mid-December. Cybersecurity threat analysts hope the snowballing of supply-chain hacks stuns the software industry into prioritizing security. Otherwise, vendors risk the fate that has befallen SolarWinds. In a filing this past week with the Securities and Exchange Commission, the company offered a bleak outlook. It said that as supply-chain hacks “continue to evolve at a rapid pace” it “may be unable to identify current attacks, anticipate future attacks or implement adequate security measures.” The ultimate, painful upshot, the document added: “Customers have and may in the future defer purchasing or choose to cancel or not renewal their agreements or subscriptions with us.” —- Associated Press writer Rachel La Corte in Olympia, Washington, contributed to this report. Frank Bajak, The Associated Press
TEHRAN, Iran — A British-Iranian woman held in an Iranian prison for five years on widely refuted spying charges ended her sentence on Sunday, her lawyer said, although it remains unclear when she can leave the country. Nazanin Zaghari-Ratcliffe was able to remove her ankle bracelet for the first time since she was released from prison on furlough last March because of the surging coronavirus pandemic, the lawyer said. She has been under house arrest at her parent’s home in Tehran since. “The situation of her leaving the country is not clear yet,” lawyer Hodjat Kermani told The Associated Press. Last fall, Iranian state TV abruptly announced a new indictment against Zaghari-Ratcliffe, but the trial was indefinitely adjourned. Iran's state-run IRNA news agency reported that Zaghari-Ratcliffe would be summoned to court on March 13 over these new charges, which include “spreading propaganda against the system.” Zaghari-Ratcliffe, 42, was sentenced to five years in jail after being convicted of plotting to overthrow Iran’s government, a charge that she, her supporters and rights groups vigorously deny. She was taken into custody at the airport with her toddler daughter after visiting family on holiday in the capital of Tehran. At the time, she was working for Thomson Reuters Foundation, the charitable arm of the news agency. In what the U.N. has criticized as an “emerging pattern,” Iran has frequently arrested dual citizens in recent years, often using their cases as bargaining chips for money or influence in negotiations with the West, something Tehran denies. The twists and turns of Zaghari-Ratcliffe’s detention have played out against a decades-old debt dispute between Britain and Iran. The countries have been negotiating the release of some 400 million pounds ($530 million) held by London, a payment the late Iranian Shah Mohammad Reza Pahlavi made for Chieftain tanks that were never delivered. The shah abandoned the throne in 1979 and the Islamic Revolution installed the clerically overseen system that endures today. Authorities in London and Tehran deny that Zaghari-Ratcliffe’s case is linked to the repayment deal. But a prisoner exchange that freed four American citizens in 2016 saw the U.S. pay a similar sum to Iran the same day of their release. Richard Ratcliffe, who for years has campaigned vocally for his wife’s release, has said that Iran was holding Zaghari-Ratcliffe in retaliation for the tank sale dispute. The Associated Press
If your smartphone's performance is letting you down, Kim Komando has 5 easy tips to give even an old phone a speed boost.
It's always beach season in Florida! Here's a look at 10 of our favorite to be when the sun rises over the Atlantic Ocean or the Gulf of Mexico.
The British-Iranian woman is scheduled to be released.
You'll need a down payment to close on a mortgage, but there are certain accounts you shouldn't raid for that money.
Want to make sure your Airbnb reviews are helping your business, not hurting it? Then study up on these commonly cited complaints as well as how to avoid them. Complaints about cleanliness (more specifically, a lack thereof) are easily the most common ones out there.
Kings of Leon: When You See Yourself review – not much to look at. (RCA)Drama and daring are swamped by wearying country rock on the Tennessee four-piece’s eighth outing
BRB, throwing away my curling iron.
TORONTO, March 5, 2021 /CNW/ - SEIU Healthcare, CUPE, and Unifor to announce 'Respect Us.' campaign on behalf of the unions' 175,000 combined health care members across Ontario.
The pandemic has spurred a wave of boat sales along with concerns about an increasing number of abandoned vessels washing up on B.C. shorelines. Now, the federal government is contributing $1.7 million to remove the boats and hold owners responsible in an effort to prevent the wrecks from wreaking havoc on the environment. John Roe is the director of the Dead Boats Disposal Society, a non-profit volunteer cleanup crew in Victoria. He says there are thousands of abandoned boats along B.C.'s coastline — everything from little dinghies to old fishing boats and 70-foot vessels. "We've been trying for a number of years to deal with it," he said. "When we find them they're usually in pretty poor shape. They've been sunk for a while or abandoned on a beach, full of garbage, stripped of anything of value and they're just left there." Roe says part of the problem is that boat ownership and maintenance has become expensive. As the population has increased, so has the cost of real estate and moorage. More people are interested in boat ownership but fewer marinas are being built, he said. VPD Marine Unit officers investigate the scene of a sunken boat in False Creek near the Cambie Bridge in Vancouver in December. (Ben Nelms/CBC) 'These vessels can really have significant impacts' Ryan Greville, manager of the Navigation Protection Program at Transport Canada, says most abandoned boats are found on the South Coast but they can be found everywhere, including lakes in B.C.'s Interior. "These vessels can really have significant impacts," Greville said. "An abandoned vessel can have all kinds of issues, whether it's environmental, to the different materials on a boat. As it breaks down, it can cause harm to the environment. It can have an impact to public safety." The Dead Boats Disposal Society works with Transport Canada to find abandoned boats and remove them, but cleanup costs can be as high a $75,000. The federal government recently pledged $1.7 million under its Abandoned Boats Program to help communities remove dozens more boats from waters and shorelines in B.C., Nova Scotia, and Newfoundland and Labrador. The new legislation under the Wrecked, Abandoned or Hazardous Vessels Act empowers the government to take more proactive measures on abandoned vessels, Greville said, and holds owners accountable. "It is now prohibited for someone to just abandon a boat," he said. "If we track them down there can be penalties, and if that vessel is posing a hazard, action can be taken to mitigate that hazard." Roe said it's a positive move but he'd like to see further steps taken to address the problem. "I would like to see a B.C. managed program very similar to tires and batteries. You gotta treat this as a waste management issue," he said. "They're garbage by the time we get them."
Northern Ireland’s First Minister has warned of an avalanche of checks on goods coming in to the region after grace periods end.
The former MEP is stepping back from active politics after 30 years of campaigning.
India has been downgraded from ‘free’ to ‘partly-free’ by a US-based Human Rights Watchdog.
British-Iranian aid worker faces fresh court hearing next week on separate charges
Moderna Inc said on Saturday it has agreed to supply the Philippines government with 13 million doses of its COVID-19 vaccine, with deliveries set to begin in mid-2021. Moderna said it expected to reach a separate deal with the Philippines government and private sector to supply an additional 7 million doses. The deal will boost the supply of COVID-19 vaccines in the Philippines, which on March 1 began its campaign to inoculate 70 million of its 108 million people to achieve herd immunity and reopen an economy that in 2020 saw its worst contraction on record.
New Delhi [India], March 7 (ANI): From being an efficient homemaker to running a campaign, launching an initiative, reporting an achievement, and many more, women have proven their mettle in every sphere across the world.
The mother-of-one has had her ankle tag removed but now faces another court date
From classic formulas to new contenders, get ready to find your new favourite base in our round-up